DETAILED ACTION

Continued Examination Under 37 CFR 1.114 

A request for continued examination under 37 CFR 1.114, including the fee set forth in
37 CFR 1.17(e), was filed in this application after final rejection. Since this application is
eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e)
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to
37 CFR 1.114. Applicant's submission filed on 9/20/2010 has been entered.

Response to Amendment 

The applicant has amended claims 8 and 21. Claims 8-14 and 21-28 are currently 
pending. 

Response to Arguments 

Applicant's arguments with respect to claims 8-14 and 21-28 have been considered but 
are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

Claims 21-28 are rejected under 35 U.S.C. 101 because the claimed invention is directed 
to non-statutory subject matter. Claim 21 is directed towards a policy and attribute based
resource session manager, residing in a computer-accessible medium. The applicant's
specification does not feature a limiting definition of the claimed computer-accessible medium
so the claim can be interpreted broadly as possibly covering transitory mediums. Claims to
transitory mediums do not fit into any of the statutory categories of invention. Claims 22-28 are
directed towards the policy and attribute based resource session manager but not the medium. 
The applicant does not limit the resource session manager to hardware so claims 22-28 can be 
reasonably interpreted to cover software per se. Claims to software per se do not fit into any of 
the statutory categories of invention. 

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 8-14 and 21-28 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
U.S. Patent Application Publication Number 2008/0134286 by Amdur et al. in view of U.S. 
Patent Number 6,072,875 to Tsudik and U.S. Patent Number 7,487,233 to Iwamoto et al. 

As to claim 8, Amdur teaches a method implemented in a computer-readable medium and 
for executing on a proxy server (Fig. 3 embodiment) the method for policy and attribute based 
access to a resource, comprising: receiving, at the proxy server, a session request for access to a 
resource, wherein the session request is sent from a service and includes alias identity 
information for a principal (paragraph 94, the user's login name is considered the alias or 
alternatively the biometric data in paragraph 188 can be considered an alias), wherein the alias 
identity information includes a password and a principal identification (paragraph 188 mentions
a password and identification); mapping, by the proxy server, the alias identity information to
identity information of the principal, the identity information associated with the true identity of
the principal whereas the alias identity information is the password and the principal
identification and the identity information and the true identity of the principal available to the
proxy server but not the service or the resource (paragraphs 95-96); authenticating, by the proxy
server, the identity information; acquiring, by the proxy server, a service contract for the 
principal, the service, and the resource, obtaining the service contract selective resource access 
policies and attributes which are permissibly used by the service when accessing the resource on 
behalf of the principal (paragraphs 95-96); defining, via the service contract, a tripartite 
relationship among the principal, the service, and the resource, the service contract is derived 
from an identity configuration of the principal (paragraph 140); and establishing, by the proxy 
server, a session with the service, wherein the session is controlled by the service contract 
(paragraphs 95-96); however Amdur does not explicitly teach alias information that is randomly 
generated from identity information that identifies the true identity of the principal nor does 
Amdur explicitly teach the claimed security strictures. 

Tsudik teaches a method wherein alias information that is randomly generated from 
identity information that identifies the true identity of the principal (see abstract and 
corresponding disclosure. The encrypted identifier and password are considered randomized). 

Iwamoto teaches a service contract including security strictures for the tripartite 
relationship including the selective resource access policies and the attributes, the access policies 
define operations that the service can perform on behalf of the principal against the resource and
those access policies map to attributes, the attributes define specific data fields defined within the
resource (col. 8, lines 1-34) and Iwamoto teaches a service contract for a principal, a service, and
a resource, the service contract is derived from an identity configuration for the principal and the
identity configuration represents aggregated access policies and attributes for the principal with
respect to the resource and all known services that are available to the principal, each service is
an application or system that the principal used to gain access to the resource (col. 8, lines 1-34).

Application/Control Number: 10/676,231

Art Unit: 2442

It would have been obvious to one of ordinary skill in the Computer Networking art at the 
time of the invention to combine the teachings of Amdur regarding using a proxy to authenticate 
users with the teachings of Tsudik regarding randomized alias identification because such 
randomization prevents an intruder from detecting a user's identity or moves through the network.

It would have been obvious to one of ordinary skill in the Computer networking art at the 
time of the invention to combine the teachings of the Amdur-Tsudik combination regarding 
using a proxy to authenticate users and randomized alias identification with the teachings of 
Iwamoto regarding the claimed security strictures because Iwamoto relates to methods and 
systems for managing user access to networked resources (Iwamoto, col. 1, lines 7-36) such as 
those taught by Amdur and Tsudik. Combining Amdur, Tsudik, and Iwamoto in the claimed
manner would produce a predictable result as all three references deal with the field of security 
and the combination would not require any substantial modifications in order to be viable. 

As to claim 9, Amdur teaches the method of claim 8 further comprising accessing an 
identity configuration for the principal in order to acquire the selective resource access policies 
and attributes included within the service contract (paragraph 96). 

As to claim 10, Amdur teaches the method of claim 8 further comprising denying access
attempts made by the service during the session when the access attempts are not included within 
the service contract (paragraphs 95-96). 

As to claim 11, Amdur teaches the method of claim 8 further comprising terminating the 
session when an event is detected that indicates the service contract is compromised or has 
expired (paragraphs 198-199). 

As to claim 12, Amdur teaches the method of claim 8 further comprising establishing the 
service contract with the principal prior to receiving the session request (paragraphs 95-96). 

As to claim 13, Amdur teaches the method of claim 12 further comprising reusing the 
service contract to establish one or more additional sessions with the service, wherein the one or 
more additional sessions are associated with one or more additional session requests made by the 
service (paragraphs 93-96). 

As to claim 14, Amdur teaches the method of claim 12 wherein the establishing further
includes establishing the service contract with the principal in response to a redirection operation 
performed by a proxy that intercepts a browser request issued from the principal to the service 
for purposes of accessing the resource (paragraph 88). 

Claim 21 is rejected for the same reasoning as claim 8. 

As to claim 22, Amdur teaches the policy and attribute based resource session manager of 
claim 21 having instructions further comprising, permitting the service to indirectly access an 
identity store which represents the resource, and wherein the identity store includes secure 
information related to the principal (paragraphs 95-96). 

As to claim 23, Amdur teaches the policy and attribute based resource session manager of
claim 21 having instructions further comprising terminating the session when the service contract 
expires or is compromised (paragraphs 198-199). 

As to claim 24, Amdur teaches the policy and attribute based resource session manager of 
claim 21, wherein the requesting of the mapping further includes interacting with an alias 
translator (paragraphs 95-96). 

As to claim 25, Amdur teaches the policy and attribute based resource session manager of 
claim 21, wherein the requesting of authentication further includes interacting with an 
identification authenticator (paragraphs 95-96). 

As to claim 26, Amdur teaches the policy and attribute based resource session manager of 
claim 21 having instructions further comprising managing the session by acting as an 
intermediary between the service and a legacy Lightweight Directory Access Protocol (LDAP) 
application which has access privileges to the resource (paragraphs 97-103). 

As to claim 27, Amdur teaches the policy and attribute based resource session manager of 
claim 26, wherein the receiving further includes intercepting a session request that is issued from 
the service for the legacy LDAP application, wherein the session request includes the alias 
identity information (paragraphs 97-103). 

As to claim 28, Amdur teaches the policy and attribute based resource session manager of 
claim 27 having instructions further comprising managing the session with respect to the service 
as if the policy based resource session manager were the legacy LDAP application (paragraphs 
97-103). 

Conclusion

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to DOUGLAS B. BLAIR whose telephone number is (571) 272-3893.
The examiner can normally be reached on 9:00am-5:30pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Glen Burgess can be reached on (571) 272-3949. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Douglas B Blair/ 

Primary Examiner, Art Unit 2442 



